CNT5605 — 2012 Fall
Security Assignment
Journals Due No Later than 3:00pm (exam time) on Friday, December 14

(please note that the last class meeting is December 6)

Assignment: Security Exercise


There are two actions that you must take in class today:

  1. On both your real machine and your virtual server, create a file /root/FLAG (it should be the same file on each machine) that is no longer than 1024 bytes, with permissions 644 (your /root directory should of course be 700). You may not modify this file once I have retrieved it unless you are requested to do so (for instance, if it is compromised you will be asked to create a new flag). You may put anything you like (a short excerpt from literature, random numbers, etc.) but it needs to be printable ASCII only --- use no bytes outside of 32-126. For instance, you could "od -N 100 < /dev/urandom > /root/FLAG" to create this file, or you could visit Project Gutenberg to find literature.
  2. On both your real machine and your virtual server, retrieve the public key at zakey.pub and install it in /root/.ssh/authorized_keys (if you already have something in there, just append the key); make sure that the permissions are appropriate since sshd is picky about them. Then configure sshd to answer on port 366 with no port knocking or other firewall impediments. We will verify in class that your installation works, and I will retrieve a copy of your flag file.
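
A self-check for the two steps above, added here as an example (it is not part of the original assignment). The function names and the scratch-directory parameters are assumptions made for illustration; the 32-126 rule is applied literally, so line feeds (byte 10) are reported as well.

```shell
#!/bin/sh
# Added example: audit the flag file and SSH setup on your own machine.
# Function names are illustrative; paths are parameters so the checks
# can be tried on a scratch directory first.

# mode_of PATH -> octal permission bits (GNU stat, then BSD stat)
mode_of() { { stat -c '%a' "$1" || stat -f '%Lp' "$1"; } 2>/dev/null; }

# check_flag FILE: at most 1024 bytes, mode 644, only bytes 32-126
check_flag() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -le 1024 ] || { echo "$f: $size bytes, limit is 1024"; return 1; }
    [ "$(mode_of "$f")" = 644 ] || { echo "$f: mode is not 644"; return 1; }
    # Delete every allowed byte; whatever remains is outside 32-126.
    bad=$(LC_ALL=C tr -d ' -~' < "$f" | wc -c | tr -d ' ')
    [ "$bad" -eq 0 ] || { echo "$f: $bad bytes outside 32-126"; return 1; }
}

# no_gw_write PATH: sshd (StrictModes) refuses keys when the key file or
# its directory is writable by group or others.
no_gw_write() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -eq 0 ]
}

# check_port CONF: an uncommented "Port 366" line exists in this one file
check_port() {
    awk 'tolower($1) == "port" && $2 == "366" { ok = 1 } END { exit !ok }' "$1"
}

# audit [ROOT_HOME] [SSHD_CONFIG]: run every check, report all failures
audit() {
    root=${1:-/root} conf=${2:-/etc/ssh/sshd_config} rc=0
    [ "$(mode_of "$root")" = 700 ] || { echo "$root is not mode 700"; rc=1; }
    check_flag "$root/FLAG" || rc=1
    for p in "$root/.ssh" "$root/.ssh/authorized_keys"; do
        no_gw_write "$p" || { echo "$p missing or group/other-writable"; rc=1; }
    done
    check_port "$conf" || { echo "no 'Port 366' line in $conf"; rc=1; }
    return $rc
}

# Run against the real paths only when asked: sh thisfile --audit
if [ "${1:-}" = --audit ]; then audit; fi
```

On the live machine, `sshd -T` prints the effective configuration, which also covers settings that the single-file check does not see.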


Your objectives are to defend your virtual and real machines from opponents who will try to recover your flag, and to attempt to retrieve the flag on the real or virtual servers of the other teams. If you do so, send me email listing the IP number of the compromised server and the /root/FLAG file that you recovered.

Rules on Offense

You may not modify another team's machine in any permanent fashion, with two exceptions. First, if your compromise technique itself requires such a modification, you may make it. Second, you may change the root password on a compromised machine.

You may try any type of ruse (including social engineering) to get another team to reveal information.

At no time may you physically touch any other computing or networking equipment in the room other than your assigned machine. Don't plug CDs or USB memory sticks into other folks' machines. Don't rewire the room.

DO NOT ATTEMPT ANY ATTACKS ON MACHINES OUTSIDE THE LAB, AND OF THOSE IN THE LAB, ONLY THOSE USING IP NUMBERS IN THE RANGE 192.168.10.10 -> 192.168.10.200.

DO NOT USE ARP ATTACKS. It's too disruptive.

Rules on Defense

You must leave your real and virtual machines up and running, and able to connect to the Internet. You may not change IP numbers or MAC addresses on your required real and virtual machines; if you create other virtual machines, you may use any of the three additional IP numbers assigned to you (though using VirtualBox's internal NAT is probably a better course).

You may turn off all outward facing services except those we configured for class. Once we have enabled a service, however, you should leave it running for the semester unless I ask you to turn it off. In particular, you must leave sshd on port 366 with no firewall blocking it.

Be aware of social engineering. It has been the single most effective technique for this security exercise. While a number of technical compromises have been successful (particularly attacks against LAMP servers), spear phishing alone has been far more effective.

Penalty for no/incorrect/inaccessible flag: Each time that your flag is found to be inaccessible on either of your machines, 1 point will be deducted from your final grade, up to 1 point per day.



A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please turn in a printed copy of this assignment by exam time on Friday, December 14. Note that the final day of class is December 6; I will accept journals at that time, and I will be in my office all morning on December 14 so you can drop off journals at that time also.